Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 :
9 : #if LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP
10 :
11 11 : void libspdm_register_get_encap_response_func(void *spdm_context,
12 : const libspdm_get_encap_response_func
13 : get_encap_response_func)
14 : {
15 : libspdm_context_t *context;
16 :
17 11 : context = spdm_context;
18 11 : context->get_encap_response_func = (void *)get_encap_response_func;
19 11 : }
20 :
21 : /**
22 : * Return the GET_ENCAP_RESPONSE function via request code.
23 : *
24 : * @param request_code The SPDM request code.
25 : *
26 : * @return GET_ENCAP_RESPONSE function according to the request code.
27 : **/
28 : static libspdm_get_encap_response_func
29 7 : libspdm_get_encap_response_func_via_request_code(uint8_t request_response_code)
30 : {
31 : typedef struct {
32 : uint8_t request_response_code;
33 : libspdm_get_encap_response_func get_encap_response_func;
34 : } libspdm_get_encap_response_struct_t;
35 :
36 : size_t index;
37 :
38 7 : libspdm_get_encap_response_struct_t get_encap_response_struct[] = {
39 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
40 : #if LIBSPDM_ENABLE_CAPABILITY_CERT_CAP
41 : { SPDM_GET_DIGESTS, libspdm_get_encap_response_digest },
42 : { SPDM_GET_CERTIFICATE, libspdm_get_encap_response_certificate },
43 : #endif /* LIBSPDM_ENABLE_CAPABILITY_CERT_CAP */
44 :
45 : #if LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP
46 : { SPDM_CHALLENGE, libspdm_get_encap_response_challenge_auth },
47 : #endif /* LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP */
48 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
49 :
50 : { SPDM_KEY_UPDATE, libspdm_get_encap_response_key_update },
51 :
52 : #if LIBSPDM_EVENT_RECIPIENT_SUPPORT
53 : { SPDM_SEND_EVENT, libspdm_get_encap_response_event_ack },
54 : #endif /* LIBSPDM_EVENT_RECIPIENT_SUPPORT */
55 :
56 : #if LIBSPDM_ENABLE_CAPABILITY_ENDPOINT_INFO_CAP
57 : { SPDM_GET_ENDPOINT_INFO, libspdm_get_encap_response_endpoint_info },
58 : #endif /* LIBSPDM_ENABLE_CAPABILITY_ENDPOINT_INFO_CAP */
59 : };
60 :
61 22 : for (index = 0; index < LIBSPDM_ARRAY_SIZE(get_encap_response_struct); index++) {
62 21 : if (request_response_code == get_encap_response_struct[index].request_response_code) {
63 6 : return get_encap_response_struct[index].get_encap_response_func;
64 : }
65 : }
66 1 : return NULL;
67 : }
68 :
69 : /**
70 : * This function processes encapsulated request.
71 : *
72 : * @param spdm_context A pointer to the SPDM context.
73 : * @param encap_request_size Size, in bytes, of the request data buffer.
74 : * @param encap_request A pointer to a destination buffer to store the request.
75 : * @param encap_response_size Size, in bytes, of the response data buffer.
76 : * @param encap_response A pointer to a destination buffer to store the response.
77 : **/
78 7 : static libspdm_return_t libspdm_process_encapsulated_request(libspdm_context_t *spdm_context,
79 : size_t encap_request_size,
80 : void *encap_request,
81 : size_t *encap_response_size,
82 : void *encap_response)
83 : {
84 : libspdm_get_encap_response_func get_encap_response_func;
85 : spdm_message_header_t *spdm_requester;
86 :
87 7 : spdm_requester = encap_request;
88 7 : if (encap_request_size < sizeof(spdm_message_header_t)) {
89 0 : return libspdm_generate_encap_error_response(
90 : spdm_context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
91 0 : spdm_requester->request_response_code,
92 : encap_response_size, encap_response);
93 : }
94 :
95 7 : get_encap_response_func = libspdm_get_encap_response_func_via_request_code(
96 7 : spdm_requester->request_response_code);
97 7 : if (get_encap_response_func == NULL) {
98 1 : get_encap_response_func =
99 1 : (libspdm_get_encap_response_func)spdm_context->get_encap_response_func;
100 : }
101 7 : if (get_encap_response_func != NULL) {
102 6 : return get_encap_response_func(
103 : spdm_context, encap_request_size, encap_request,
104 : encap_response_size, encap_response);
105 : } else {
106 1 : return libspdm_generate_encap_error_response(
107 : spdm_context, SPDM_ERROR_CODE_UNEXPECTED_REQUEST,
108 : 0, encap_response_size, encap_response);
109 : }
110 : }
111 :
112 11 : libspdm_return_t libspdm_encapsulated_request(libspdm_context_t *spdm_context,
113 : const uint32_t *session_id,
114 : uint8_t mut_auth_requested,
115 : uint8_t *req_slot_id_param)
116 : {
117 : libspdm_return_t status;
118 : uint8_t *spdm_request;
119 : size_t spdm_request_size;
120 : spdm_get_encapsulated_request_request_t
121 : *spdm_get_encapsulated_request_request;
122 : spdm_deliver_encapsulated_response_request_t
123 : *spdm_deliver_encapsulated_response_request;
124 : uint8_t *spdm_response;
125 : size_t spdm_response_size;
126 : spdm_encapsulated_request_response_t *libspdm_encapsulated_request_response;
127 : spdm_encapsulated_response_ack_response_t
128 : *spdm_encapsulated_response_ack_response;
129 : libspdm_session_info_t *session_info;
130 : uint8_t request_id;
131 : void *encapsulated_request;
132 : size_t encapsulated_request_size;
133 : void *encapsulated_response;
134 : size_t encapsulated_response_size;
135 : size_t ack_header_size;
136 :
137 : uint8_t *message;
138 : size_t message_size;
139 : size_t transport_header_size;
140 :
141 : #if LIBSPDM_ENABLE_CAPABILITY_CERT_CAP
142 : spdm_get_digest_request_t *get_digests;
143 : #endif /* LIBSPDM_ENABLE_CAPABILITY_CERT_CAP */
144 :
145 11 : if (!libspdm_is_encap_supported(spdm_context)) {
146 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
147 : }
148 :
149 11 : if (session_id != NULL) {
150 0 : session_info = libspdm_get_session_info_via_session_id(spdm_context, *session_id);
151 0 : if (session_info == NULL) {
152 0 : LIBSPDM_ASSERT(false);
153 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
154 : }
155 0 : LIBSPDM_ASSERT((mut_auth_requested == 0) ||
156 : (mut_auth_requested ==
157 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST) ||
158 : (mut_auth_requested ==
159 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_GET_DIGESTS));
160 : } else {
161 11 : LIBSPDM_ASSERT(mut_auth_requested == 0);
162 : }
163 :
164 :
165 : /* Cache */
166 11 : libspdm_reset_message_mut_b(spdm_context);
167 11 : libspdm_reset_message_mut_c(spdm_context);
168 :
169 11 : if (session_id == NULL) {
170 11 : spdm_context->last_spdm_request_session_id_valid = false;
171 11 : spdm_context->last_spdm_request_session_id = 0;
172 : } else {
173 0 : spdm_context->last_spdm_request_session_id_valid = true;
174 0 : spdm_context->last_spdm_request_session_id = *session_id;
175 : }
176 :
177 11 : if (mut_auth_requested == SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_GET_DIGESTS) {
178 : #if LIBSPDM_ENABLE_CAPABILITY_CERT_CAP
179 0 : get_digests = (void *)spdm_context->last_spdm_request;
180 0 : get_digests->header.spdm_version = libspdm_get_connection_version (spdm_context);
181 0 : get_digests->header.request_response_code = SPDM_GET_DIGESTS;
182 0 : get_digests->header.param1 = 0;
183 0 : get_digests->header.param2 = 0;
184 0 : spdm_context->last_spdm_request_size = sizeof(spdm_get_digest_request_t);
185 0 : encapsulated_request = (void *)spdm_context->last_spdm_request;
186 0 : encapsulated_request_size = spdm_context->last_spdm_request_size;
187 0 : request_id = 0;
188 : #else /* LIBSPDM_ENABLE_CAPABILITY_CERT_CAP */
189 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
190 : #endif /* LIBSPDM_ENABLE_CAPABILITY_CERT_CAP */
191 : } else {
192 11 : transport_header_size = spdm_context->local_context.capability.transport_header_size;
193 11 : status = libspdm_acquire_sender_buffer (spdm_context, &message_size, (void **)&message);
194 11 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
195 0 : return status;
196 : }
197 11 : LIBSPDM_ASSERT (message_size >= transport_header_size +
198 : spdm_context->local_context.capability.transport_tail_size);
199 11 : spdm_request = (void *)(message + transport_header_size);
200 11 : spdm_request_size = message_size - transport_header_size -
201 11 : spdm_context->local_context.capability.transport_tail_size;
202 :
203 11 : spdm_context->crypto_request = true;
204 11 : spdm_get_encapsulated_request_request = (void *)spdm_request;
205 11 : spdm_get_encapsulated_request_request->header.spdm_version =
206 11 : libspdm_get_connection_version (spdm_context);
207 : spdm_get_encapsulated_request_request->header
208 11 : .request_response_code = SPDM_GET_ENCAPSULATED_REQUEST;
209 11 : spdm_get_encapsulated_request_request->header.param1 = 0;
210 11 : spdm_get_encapsulated_request_request->header.param2 = 0;
211 11 : spdm_request_size = sizeof(spdm_get_encapsulated_request_request_t);
212 11 : libspdm_reset_message_buffer_via_request_code
213 : (spdm_context, NULL,
214 11 : spdm_get_encapsulated_request_request->header.request_response_code);
215 11 : status = libspdm_send_spdm_request(spdm_context, session_id, spdm_request_size,
216 : spdm_request);
217 11 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
218 1 : libspdm_release_sender_buffer (spdm_context);
219 1 : return status;
220 : }
221 10 : libspdm_release_sender_buffer (spdm_context);
222 10 : spdm_get_encapsulated_request_request = (void *)spdm_context->last_spdm_request;
223 :
224 : /* receive */
225 :
226 10 : status = libspdm_acquire_receiver_buffer (spdm_context, &message_size, (void **)&message);
227 10 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
228 0 : return status;
229 : }
230 10 : LIBSPDM_ASSERT (message_size >= transport_header_size);
231 10 : spdm_response = (void *)(message);
232 10 : spdm_response_size = message_size;
233 :
234 10 : status = libspdm_receive_spdm_response(
235 : spdm_context, session_id, &spdm_response_size,
236 : (void **)&spdm_response);
237 10 : libspdm_encapsulated_request_response = (void *)spdm_response;
238 10 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
239 0 : libspdm_release_receiver_buffer (spdm_context);
240 0 : return status;
241 : }
242 10 : if (libspdm_encapsulated_request_response->header.spdm_version !=
243 10 : spdm_get_encapsulated_request_request->header.spdm_version) {
244 0 : libspdm_release_receiver_buffer (spdm_context);
245 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
246 : }
247 10 : if (libspdm_encapsulated_request_response->header.request_response_code == SPDM_ERROR) {
248 2 : const uint8_t error_code = libspdm_encapsulated_request_response->header.param1;
249 :
250 2 : libspdm_release_receiver_buffer(spdm_context);
251 :
252 2 : if (spdm_response_size < sizeof(spdm_error_response_t)) {
253 0 : libspdm_release_receiver_buffer (spdm_context);
254 0 : return LIBSPDM_STATUS_INVALID_MSG_SIZE;
255 : }
256 :
257 2 : if (mut_auth_requested == 0) {
258 : /* Responder can send NoPendingRequests or UnexpectedRequest if it has no
259 : * encapsulated request for the Requester. */
260 2 : if ((libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_13) &&
261 : (error_code == SPDM_ERROR_CODE_NO_PENDING_REQUESTS)) {
262 :
263 1 : return LIBSPDM_STATUS_SUCCESS;
264 : }
265 1 : if ((libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_13) &&
266 : (error_code == SPDM_ERROR_CODE_UNEXPECTED_REQUEST)) {
267 1 : return LIBSPDM_STATUS_SUCCESS;
268 : }
269 : }
270 0 : return LIBSPDM_STATUS_ERROR_PEER;
271 : }
272 :
273 8 : if (libspdm_encapsulated_request_response->header.request_response_code !=
274 : SPDM_ENCAPSULATED_REQUEST) {
275 0 : libspdm_release_receiver_buffer (spdm_context);
276 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
277 : }
278 8 : if (spdm_response_size <= sizeof(spdm_encapsulated_request_response_t)) {
279 1 : libspdm_release_receiver_buffer (spdm_context);
280 1 : return LIBSPDM_STATUS_INVALID_MSG_SIZE;
281 : }
282 :
283 7 : request_id = libspdm_encapsulated_request_response->header.param1;
284 :
285 7 : encapsulated_request = (void *)(libspdm_encapsulated_request_response + 1);
286 7 : encapsulated_request_size =
287 7 : spdm_response_size - sizeof(spdm_encapsulated_request_response_t);
288 :
289 7 : libspdm_copy_mem (spdm_context->last_spdm_request,
290 7 : libspdm_get_scratch_buffer_last_spdm_request_capacity(spdm_context),
291 : encapsulated_request,
292 : encapsulated_request_size);
293 7 : spdm_context->last_spdm_request_size = encapsulated_request_size;
294 7 : encapsulated_request = (void *)spdm_context->last_spdm_request;
295 :
296 7 : libspdm_release_receiver_buffer (spdm_context);
297 : }
298 :
299 : while (true) {
300 : /* Process request. */
301 7 : transport_header_size = spdm_context->local_context.capability.transport_header_size;
302 7 : status = libspdm_acquire_sender_buffer (spdm_context, &message_size, (void **)&message);
303 7 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
304 0 : return status;
305 : }
306 7 : LIBSPDM_ASSERT (message_size >= transport_header_size +
307 : spdm_context->local_context.capability.transport_tail_size);
308 7 : spdm_request = (void *)(message + transport_header_size);
309 7 : spdm_request_size = message_size - transport_header_size -
310 7 : spdm_context->local_context.capability.transport_tail_size;
311 :
312 7 : spdm_context->crypto_request = true;
313 7 : spdm_deliver_encapsulated_response_request = (void *)spdm_request;
314 7 : spdm_deliver_encapsulated_response_request->header.spdm_version =
315 7 : libspdm_get_connection_version (spdm_context);
316 7 : spdm_deliver_encapsulated_response_request->header.request_response_code =
317 : SPDM_DELIVER_ENCAPSULATED_RESPONSE;
318 7 : spdm_deliver_encapsulated_response_request->header.param1 = request_id;
319 7 : spdm_deliver_encapsulated_response_request->header.param2 = 0;
320 7 : encapsulated_response = (void *)(spdm_deliver_encapsulated_response_request + 1);
321 7 : encapsulated_response_size =
322 7 : spdm_request_size - sizeof(spdm_deliver_encapsulated_response_request_t);
323 :
324 7 : status = libspdm_process_encapsulated_request(
325 : spdm_context, encapsulated_request_size,
326 : encapsulated_request, &encapsulated_response_size,
327 : encapsulated_response);
328 7 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
329 0 : libspdm_release_sender_buffer (spdm_context);
330 0 : return status;
331 : }
332 :
333 7 : spdm_request_size =
334 7 : sizeof(spdm_deliver_encapsulated_response_request_t) + encapsulated_response_size;
335 7 : status = libspdm_send_spdm_request(
336 : spdm_context, session_id, spdm_request_size,
337 : spdm_request);
338 7 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
339 0 : libspdm_release_sender_buffer (spdm_context);
340 0 : return status;
341 : }
342 7 : libspdm_release_sender_buffer (spdm_context);
343 7 : spdm_deliver_encapsulated_response_request = (void *)spdm_context->last_spdm_request;
344 :
345 : /* Receive. */
346 7 : status = libspdm_acquire_receiver_buffer (spdm_context, &message_size, (void **)&message);
347 7 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
348 0 : return status;
349 : }
350 7 : LIBSPDM_ASSERT (message_size >= transport_header_size);
351 7 : spdm_response = (void *)(message);
352 7 : spdm_response_size = message_size;
353 :
354 7 : status = libspdm_receive_spdm_response(
355 : spdm_context, session_id, &spdm_response_size,
356 : (void **)&spdm_response);
357 7 : spdm_encapsulated_response_ack_response = (void *)spdm_response;
358 7 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
359 0 : libspdm_release_receiver_buffer (spdm_context);
360 0 : return status;
361 : }
362 7 : if (spdm_encapsulated_response_ack_response->header.request_response_code !=
363 : SPDM_ENCAPSULATED_RESPONSE_ACK) {
364 1 : libspdm_release_receiver_buffer (spdm_context);
365 1 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
366 : }
367 6 : if (spdm_encapsulated_response_ack_response->header.spdm_version !=
368 6 : spdm_deliver_encapsulated_response_request->header.spdm_version) {
369 0 : libspdm_release_receiver_buffer (spdm_context);
370 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
371 : }
372 6 : if (spdm_encapsulated_response_ack_response->header.spdm_version >=
373 : SPDM_MESSAGE_VERSION_12) {
374 1 : ack_header_size = sizeof(spdm_encapsulated_response_ack_response_t);
375 : } else {
376 5 : ack_header_size = sizeof(spdm_message_header_t);
377 : }
378 6 : if (spdm_response_size < ack_header_size) {
379 0 : libspdm_release_receiver_buffer (spdm_context);
380 0 : return LIBSPDM_STATUS_INVALID_MSG_SIZE;
381 : }
382 :
383 6 : if (spdm_encapsulated_response_ack_response->header.spdm_version >=
384 : SPDM_MESSAGE_VERSION_12) {
385 1 : if (spdm_encapsulated_response_ack_response->ack_request_id !=
386 1 : spdm_deliver_encapsulated_response_request->header.param1) {
387 0 : libspdm_release_receiver_buffer (spdm_context);
388 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
389 : }
390 : }
391 :
392 6 : switch (spdm_encapsulated_response_ack_response->header.param2) {
393 5 : case SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_ABSENT:
394 5 : libspdm_release_receiver_buffer (spdm_context);
395 5 : return LIBSPDM_STATUS_SUCCESS;
396 0 : case SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_PRESENT:
397 0 : break;
398 1 : case SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_REQ_SLOT_NUMBER:
399 1 : if (spdm_response_size >= ack_header_size + sizeof(uint8_t)) {
400 1 : if ((req_slot_id_param != NULL) && (*req_slot_id_param == 0)) {
401 0 : *req_slot_id_param =
402 0 : *((uint8_t *)spdm_encapsulated_response_ack_response + ack_header_size);
403 : /* 0xFF or 0xF slot is not allowed. */
404 0 : if (*req_slot_id_param >= SPDM_MAX_SLOT_COUNT) {
405 0 : libspdm_release_receiver_buffer (spdm_context);
406 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
407 : }
408 :
409 0 : if ((spdm_encapsulated_response_ack_response->header.spdm_version >=
410 0 : SPDM_MESSAGE_VERSION_13) &&
411 0 : spdm_context->connection_info.multi_key_conn_req) {
412 0 : if ((spdm_context->local_context.local_key_usage_bit_mask[*req_slot_id_param
413 0 : ] & SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE) == 0) {
414 0 : libspdm_release_receiver_buffer (spdm_context);
415 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
416 : }
417 : }
418 : }
419 1 : libspdm_release_receiver_buffer (spdm_context);
420 1 : return LIBSPDM_STATUS_SUCCESS;
421 : } else {
422 0 : libspdm_release_receiver_buffer (spdm_context);
423 0 : return LIBSPDM_STATUS_INVALID_MSG_SIZE;
424 : }
425 : break;
426 0 : default:
427 0 : libspdm_release_receiver_buffer (spdm_context);
428 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
429 : }
430 0 : request_id = spdm_encapsulated_response_ack_response->header.param1;
431 :
432 0 : encapsulated_request =
433 : ((uint8_t *)spdm_encapsulated_response_ack_response + ack_header_size);
434 0 : encapsulated_request_size = spdm_response_size - ack_header_size;
435 :
436 0 : libspdm_copy_mem (spdm_context->last_spdm_request,
437 0 : libspdm_get_scratch_buffer_last_spdm_request_capacity(spdm_context),
438 : encapsulated_request,
439 : encapsulated_request_size);
440 0 : spdm_context->last_spdm_request_size = encapsulated_request_size;
441 0 : encapsulated_request = (void *)spdm_context->last_spdm_request;
442 :
443 0 : libspdm_release_receiver_buffer (spdm_context);
444 : }
445 :
446 : return LIBSPDM_STATUS_SUCCESS;
447 : }
448 :
449 0 : libspdm_return_t libspdm_send_receive_encap_request(void *spdm_context, const uint32_t *session_id)
450 : {
451 0 : return libspdm_encapsulated_request(spdm_context, session_id, 0, NULL);
452 : }
453 :
454 : #endif /* LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP */
|
